- transparently block viruses during SMTP connections
This manual describes smtp-gated v. 22.214.171.124
[-f] [ -h | -s | -S | -r | -t | -T | -v | -V ] config_file
checks SMTP traffic and blocks any viruses found. It can also
spam-check messages. E-mail containing virus is blocked (SMTP-server session
is brought down), and a proper message is sent to client software. E-mails
found to be a SPAM, can also be blocked, or just the fact is logged.
uses netfilter framework to forward connections to destination
MTA. It's meant to be transparent, so any SMTP-authentication works ok. Also
pipelining extension is supported.
Daemonised scanning engines support is integrated, so there is minimal
performance hit on scanning.
Configuration is done with config_file. There is no default path for it. If you
would like to create configuration template, see -t
smtp-gated -t | sed -e 's/^[a-z]/;&/'
To make upgrades easier, be sure not to uncomment unneccesary options.
Options marked with CONFIG
require config file on command line. For
others, no config file means default configuration.
- -C name [CONFIG]
- show value for configuration variable "name"
- run foreground, use for debugging
- command reference
- -K [CONFIG]
- kill running process (TERM in SIGNALS)
- -s [CONFIG]
- prepare & show process status (USR1 in SIGNALS)
- -S [CONFIG]
- prepare & show process status file name
- -r [CONFIG]
- reload configuration (HUP in SIGNALS)
- syntax check & dump configuration (except messages)
- -T [CONFIG]
- syntax check & dump configuration (including messages)
- show version
- show version & compiled-in options
- required for most commands, except -t and -T.
- reload configuration
- dump statistics (see -s in OPTIONS)
- close server socket and wait for existing sessions to finish.
- same as above
Listening port MUST be protected from world-access or proxy will act as
open-relay. This can be achieved either by setting bind_address to internal
IP, or by denying listen-port access from outside world using iptables.
You can request status dump, by using smtp-gated -s config_file
sending SIGUSR1 to daemon process. This will write status to the
It will contain the following (may change in further versions):
- Start time: Thu Mar 3 17:06:21 2005
- daemon start time
- Restart time: Tue Mar 15 14:34:41 2005
- daemon last SIGHUP time
- Uptime: 11d 21h 28m 22s
- time since 'Start time'
- Found: 43/0 (viruses/spam)
- number of [viruses/spam] found so far; this *does not count* any
virus/spam avoided with client-lock (see: Rejects: lock)
- Children: 1/18 (current/max)
- current/maximum number of user sessions
- Requests: 25238/113/7506 (total/direct/empty)
- total number of sessions/direct (=TLS) sessions/empty sessions (=without
- Rejects: 0/458/10421/0 (host/ident/lock/other)
- Rejected requests; because of
Next, current running sessions:
- internal connection table client slot
- serving process ID
- SMTP session state
- session flags:
AUTH: a=supported, A=accepted
- session running time
- source (client) IP
- destination (server/MTA) IP
- number of current transaction
- client-received byte count
- server-received byte count
- average speed (since connection started) in kbits/second
- client ident*
See http://smtp-proxy.klolik.org/#bugs for details.
Bartlomiej Korupczynski <firstname.lastname@example.org>